Access Orlando's Funny but true Story Archive

In this episode, we're going to talk about spammers, and the people who
try to get away with it. Some even have the nerve to try to seek
compensation for "loss of business" when we terminate their account
due to the abuse reports that start flowing in.

Generally, if someone calls us and asks, "Do you block port 25?",
red flags go up, and we give them a fairly standardized answer.
We tell them, "No, you are given an IP address when you connect,
and there are no filters between that IP and the rest of the world.
However, per our terms of service agreement, if you use our
service to send out bulk, unsolicited e-mail, and we receive
any abuse reports which are tracked back to your account, your account
will be terminated immediately, without refund."

Our dial-up lines are set up like those of many other small ISPs. We have
ISDN PRI lines coming into our facility, terminated into Ascend Max
4048 Remote Access Servers. Those Maxes are plugged into an Ethernet
switch, one of the Ethernet ports on our main border router is
also plugged into that switch, and the Maxes use that router as their default
gateway. That border router has several dedicated connections to the
Internet, and there are no access control lists and no firewalling
on any of those interfaces. Anyone connected to the Maxes has
a straight, unfiltered path to the rest of the world.

Our story starts on Monday, February 4th, 2002, when we
opened a new account for a man who called and asked the magic question,
"Do you block port 25?" After one of our support technicians gave him
a close adaptation of the statement above, he agreed and asked
to go ahead and start an account. We happily obliged and got all
of the necessary accounting information. Then he came by our office with
a check for the first month, and we activated his account.

A short time later, he called to speak to one of our support
technicians and asked why we were blocking him from using port 25.
Our technician was puzzled by the question, but assured him that between
his modem connection and the outside world, there is nothing on our
network that will block him from making connections to anywhere else
on port 25.

He must have figured something out, because on February 12, we began
receiving abuse reports from SpamCop.
After investigating the reports, we determined that the person
connected to the IP from which the spam originated was, indeed,
this same man who had asked about port 25. Per our Acceptable
Use Policy, our abuse technician disabled his account.

The man called to speak to one of our support technicians again to
ask why he couldn't get connected to our dial-up lines. After
looking into the notes on his account, our technician informed the
man that we had received spam abuse reports that originated from
that account. The man became outraged and said that he was only
e-mailing people who had asked to be e-mailed, and that he had a
signed statement from all of them. Our technician explained to him
again that we have zero tolerance for spam, and that since we had
received abuse reports, and the account was locked out due to abusive
activity, there was nothing that he could do. The man then asked to
speak to a manager, so our technician passed the call over to our
project manager. Our project manager was on the phone for a while,
trying to explain that it's our policy to terminate without refund
after receiving abuse reports. The man finally hung up out of
frustration, but not before mentioning that five other ISPs have
"cut him off for the same reason."

On February 14th, we received this pretty humorous letter. The links
are points that we thought we'd like to highlight and explain a little
bit about. Thanks to Erik Bosrup's
OverLIB javascript,
all you have to do is hover your mouse over the link to see the comments.
If you don't have javascript capabilities, you can click on the link,
and it takes you to a separate page with all of the comments.

Re: Your misdealings

Dear Access Orlando:
I have not yet found out if you are a corporation or not. It
would seem not with the way you use your name. I have been scammed
before, but you people, to get so little money, sure went to a lot of
trouble. Before I bought your ISP service, I told the man on the phone,
it sounded like Mike, that I had commercial software, which would not
work properly if Port 25 was blocked or filtered. I was assured that
I would not be blocked or filtered.
Based on your representations, I signed up for your service and
had your check hand delivered on Sunday, and got connected on Monday.
I had a tribal email going out, and worked to prepare it.
Imagine my surprise to find out my email could not get connected,
and when I ran a test, of all things,
Port 50 was blocked. I called on Monday of
this week, the first time I had a chance, since you are closed on the
weekends. Again I was assured by Mike that my Port 25 was not blocked,
and that it was
my software which was defective.
After discussing the blockage with Mike, I went back to my
software, and then to its designer. I was told if the software
came out with a "blocked" result, if I wanted the software to work,
you would have to unblock Port 25. I called again this morning
at 9:47 a. m. and again was told by Ron that there was no blockage
of Port 25. After asking questions for several minutes, it turned
out that Port 25 was
indeed blocked by Sprint, which you use.
Ron knew it, and I am sure Mike did too. And I was lied to by people
who wanted to catch another sucker, thinking nothing would happen.
After lunch today, I could not send out Yahoo e-mails, and I
could not send an important letter by email to an attorney who was
on the other side. I made other arrangements to get this document
sent. But not before several tries on Yahoo. In addition, since
I could not send my e-mails to (243
individuals) my tribe members, on this past Monday I arranged to
have those 243 letters mailed, at the cost of
$6.78 each or for a total of $1,647.54.
I know the difference between capital and labor
and when I am treated badly, like you have treated me, I am willing
to be an instructor.
This afternoon, about 2:37 p. m., I tried to get on the Internet
to get some more legal research done. (I subscribe to a service, like
a lot of attorneys) It would not connect. I called and Mike answered
again. I asked him why I could not get on the Internet. The cheeky
little bastard had the nerve to tell me that I had complaints against
me for sending spam, and they had cut me off. He seems to have
forgotten that I was the asshole who called Saturday, Monday and
Tuesday, because my email would not work. He
could not tell me who
complained, how many complaints I had,
nor who could.
He offered to have his boss call me,
which has not happened.
I will lose out on revenue because I was cut off your ISP for
a false reason. I am sure Mike and Ron were trying to cover their
asses for telling me a lie, and then continuing to cover it up. But
when someone tries to accuse me of a crime, then I am not
sympathetic. As whoever runs this outfit will soon know.
I see why Mike said that you all had a lot of
trouble with Sprint.
Dealing the way you all do, it is a wonder you are not all in jail.
I am suffering damages because of several losses. I expect
compensation for the following:
1. My letters in the amount of $1,647.54;
2. My
$20.00 initial payment, procured by fraud;
3. My loss of revenue from not being able to connect to the
ISP for legal research; ($4.75/min
x 2 = $9.50/min x 60 min. = $570/hr x 27.5 hrs = $15,675 loss of
research revenues) {It could go much higher, especially if I lose or
have a case thrown out. Damages can be really big then}
4. Because you lied to me about having an open Port 25, I
want you to pay for an ISP who has an open Port 25, for the next
year;
5. Be prepared to be liable for bigger losses because of your
fraud, which I relied upon;
It is bad when I have to have
"dropouts" tell me that
I am sending spam to my blood relatives and their friends who want
to be updated. I do not know what you have put on your ISP, but I
will do any reasonable deal you want, at your expense, to have my
computer checked. We all know every thing we do is kept somewhere
on the hard drive.
You people may be used to dealing with teens, who you can bluff,
and "tired daddies", who are not really interested in the computer so
long as they get on the porno sites. But if you people want it to
be called spam when I write my tribal members and their friends, we
will quite soon be able to find a judge to put things in order. Someone
had better get those attorneys out that Mike told me about
today. I am especially interested in how I sent out spam, when
only my Yahoo email works. I am soon going to find an answer.
This will be after I have talked with Sprint. After I have talked
with the Justice Department in Orlando, or failing that, with Tampa.
After I talk with a couple of attorney friends of mine, to see what
the take may be. You may be used to having people slither into the
woodwork when you accuse them of spam, but I come out further. Just
look above to see my name and address and phone number.
You have two weeks to meet my numbered demands.

Sincerely,

[name not disclosed]

And, there you have it. No wonder there's so much spam going around
out there. There are people like this that actually exist in the world
who make it happen.

Here are the examples of some of the abuse
reports. For the most part, they are un-doctored. We have only
removed the portions that would disclose e-mail addresses or names.
This is to help keep more spam from being circulated by web spiders
which harvest e-mail addresses for spam lists.

From //e-mail removed// Thu Feb 14 20:27:51 2002
Return-Path: <//e-mail removed//>
Received: from SCUACC.scu.edu (scuacc.scu.edu [129.210.8.1])
by mail-gw.ao.net (8.12.0.Beta19/8.12.0.Beta19/Debian
8.12.0.Beta19) with ESMTP id g1BIk8IA013108
for <[redacted]@ao.net>; Mon, 11 Feb 2002 13:46:14 -0500
Received: from cio ([129.210.146.160]) by scuacc.scu.edu (PMDF V6.0-23
#41421)
with SMTP id <01KE58FKQUN8000XPU@scuacc.scu.edu> for [redacted]@ao.net; Mon,
11 Feb 2002 10:45:59 -0800 (PST)
Date: Mon, 11 Feb 2002 10:55:55 -0800
From: //name removed// <//e-mail removed//>
Subject: Junk Mail
To: [redacted]@ao.net
Message-id: <003e01c1b32d$bc551f80$a092d281@cio>
MIME-version: 1.0
X-MIMEOLE: Produced By Microsoft MimeOLE V6.00.2600.0000
X-Mailer: Microsoft Outlook Express 6.00.2600.0000
Content-type: text/plain; charset=iso-8859-1
Content-transfer-encoding: 7bit
X-Priority: 3
X-MSMail-priority: Normal
[ The following text is in the "iso-8859-1" character set. ]
[ Your display is set for the "US-ASCII" character set. ]
[ Some characters may be displayed incorrectly. ]
Dear Sir/Madam,
Please follow up on the junk message belowed sent via your network. Please
reply to us. Otherwise, we will have no choice but to block all mail from
"mail.ao.net" on our server.
Thanks
David
System Administrator for //name removed//
Return-Path: <Johnie@mail2world.com>
Received: from mail.ao.net (mail.ao.net [205.244.242.23])
by ceo.deltapath.com (8.11.6/8.8.7) with ESMTP id g1BIf7w15013
for <//e-mail removed//>; Tue, 12 Feb 2002 02:41:08 +0800
Received: from mail.ao.net (port05.max1.ao.net [205.244.242.105])
by mail.ao.net (8.12.0.Beta19/8.12.0.Beta19/Debian 8.12.0.Beta19)
with SMTP id g1BIeiIA011393
for <//e-mail removed//>; Mon, 11 Feb 2002 13:40:58 -0500
Message-Id: <200202111840.g1BIeiIA011393@mail.ao.net>
From: "Johnie" <Johnie@mail2world.com>
Date: Mon, 11 Feb 2002 13:38:00
To: //e-mail removed//
Subject: Win $10,000 dummie
MIME-Version: 1.0
Content-Type: text/plain;charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
X-UIDL: bo]"!jI/!!'2l!!PL2"!
----- Original Message -----
From: "Johnie" <Johnie@mail2world.com>
To: <//e-mail removed//>
Sent: Monday, February 11, 2002 1:38 PM
Subject: Win $10,000 dummie
> MIGHTY
MOUNTAINEERS
> COME WALK WITH THE WEST VIRGINIA HISTORICAL SOCIETY AND FIND
> FACTS THAT ARE MORE INTERESTING THAN
FICTION.
>
> We wish to introduce you to West Virginia Supreme Court Justice Larry V.
Staarcher, and share with you facts which showed up in our research:
>
> YOU MAY WIN UP TO $10,000 FOR THE
> RIGHT ANSWERS TO OUR QUIZ
>
> If you know the answers to the following 10 QUESTIONS,
call the numbers below to claim your Prize.
>
> In the spirit of fairness, please do not guess. Sorry if the nmbers may
be long distance, but we wish out quiz to get the best results we can
achieve.
>
> 1. Question: Why has Larry V. Starcher refused to take a drug test since
1962?
> a. He is afraid of needles;
> b. He has been out of town and could not make an appointment;
> c. He knows what the results will be and is afraid others will
reveal this information;
> d. He believes sincerely drug tests do not work;
> e. All of the above;
> f. None of the above.
>
>
>
> Answer: _________________
>
>
> 2. Question: When did Larry V. Starcher first become involved with and
succumb to organized crime's wishes?
>
> a. 1981;
> b. 1982;
> c. 1983;
> d. It hapened over a different period of time;
> e. All of above;
> f. None of above.
>
>
> Answer: _______________
>
> 3. Question: Larry Starcher was best liked during what period of time?
(This one is tricky so be careful)
> a. His first day as judge;
> b. The day he wet his pants at a high school basketball game;
> c. The day before he was born;
> d. All of the above;
> e. None of the above;
>
>
> Answer: ____________
>
> 4. Question: Did Larry Starcher ever run for any other office than judge
and fail?
> a. No.;
> b. He ran for dog catcher and won;
> c. He ran for Sunday School teacher with the Jehovah's Witness
Church and won;
> d. He ran for sheriff and lost so bad people laughed at him
for 2 years;
> e. All of the above;
> f. None of the above.
>
>
> Answer: ______________
>
> 5. Question: Who made Larry V. Starcher join organized Crime?
> a. Flash Gordon and the space cadets;
> b. His mother and father to make sure he had retirement
security;
> c. His attorney, S. J. Angotti;
> d. All of the above;
> e. None of the above.
>
>
> Answer: ________________
>
> 6. Question: If Larry Starcher is a judge, why would he have a lawyer?
> a. He was trying to learn about the law so he could be a good
judge;
> b. He was under a federal drug investigation;
> c. He was too young to get into the bar he liked;
> d. All of the above;
> e. None of the above.
>
>
> Answer: _________________
>
> 7. Question: Does/has Larry V. Starcher take/taken drugs?
> a. No one is for sure because he refuses to take a drug test;
> b. His drug use was talked about on the Morgantown radio so
everyone knows;
> c. He can not help if his nose runs all the time;
> d. He has been seen using at parties with his friends;
> e. All of the above;
> f. None of the above.
>
>
> Answer: _________________
>
> 8. Question: Who did Larry V. Starcher buy his drugs from when he worked
at Legal Aid?
> a. Zorro;
> b The 3 Stooges;
> c. Ex football player and known dealer, Willie Winston;
> d. All of the above;
> e. None of the above.
>
>
> Answer: __________________
>
> 9. Question: Why did Larry V. Starcher's first wife approve him taking
drugs?
> a. She thought the cocaine was gotten from his doctor's
periscription;
> b. She thoughtpot looked good while growing and adding oxygen
in their upstairs rooms;
> c. She did not approve and left him because of drugs, not
because of his philandering;
> d. All of the above;
> e. None of the above.
>
>
> Answer: ______________
>
> 10. Question: Why has Larry V. Starcher not been arrested for taking
drugs?
> a. He has been and then he forced the cops to let him loose;
> b. He has been, but the records have been sealed;
> c. He is part of organized crime and is immune from arrest;
> d. All of the above;
> e. None of the above.
>
>
> Answer: _________________
>
>
> WARNING: If you think you can guess and call to annoy the people on the
other end of the line, those taking answers, please do not or you will piss
them off and they just might be bigger than you and give you a poke in the
nose. However, if you know something else about Larry V. Starcher that you
believe is strange, wrong or you think probably is illegal, you may call
this information in and get some extra points for the questions you missed.
This contest is in fun, but folks who take advantage of fun are often
disliked by others.
>
> In Southern West Virginia call: In
Northern West Virginia, call
> (304)347-5136
(304)234-0100
>
> Ask for the person on duty who is taking answers to the Larry Starcher
questions. These people are busy, so please only give them facts. Thank
you.
>
> Good Luck Hillbillies. Mountaineers are always
free!!!!!!!!!!!!!!!!!!!!!!!!
>
> This is an editorial product, which are the beliefs of the author, and
reflect the opinons or beliefs of no one other than the author, published to
promote good humor, friendship, to polk fun and stimulate hillbilly thinking
about what is going on in this great state.
>
> THIS EMAIL IS NEVER SENT OUT UNSOLICITED! You are arreceiving this email
because you signed up through one of our selected opt-out offers. Removal
instructions appear below. To remove yourself from this mailing list, point
your browser to alandarlin@Juno.com Enter your email address
(yourname@hotmail.com) in the field provided and in the subject line type
"Unsubscribe" The mailing list ID is "theechurchlady".
>

Here's another one. The content of the spam is the same, so it was
left out, but the report and headers have been left. It looks like the
person submitting the report left out the e-mail addresses for us.

It doesn't take rocket science to see that these two reports are
plainly of spam, even if they do say that they are not unsolicited
in the body of the message. I don't care how many folks ask you to
send e-mail to them, they're not going to ask you to send them one
with "Win $10,000 dummie" in the Subject.

There were several other reports, but they all looked much the same,
so I'll spare you the details.

The way we determine which one of our customers is sending the
unsolicited e-mail is by checking the timestamp in the e-mail from
when it originally hit the outgoing e-mail server. We go through the
logs and find which account was connected to that dynamic IP at
the time the message was originally sent. Here is a copy of that
piece of log. We've removed the name of the account and the caller
ID phone number to protect the guilty, but it does, indeed, have
his account name listed.

He connected at 12:24:33 and disconnected at 16:34:19. The entire time
that he was connected, his assigned IP address was 205.244.242.105.
This matches the time and the originating IP address that the spam
reports show, and yes, we are in GMT -0500.
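
The lookup described above, as an added example that is not part of the original page or the ISP's own tooling: it takes the Received header that mail.ao.net stamped on the spam, normalizes the timestamp to UTC, and searches dial-up session records for the account holding that dynamic IP at that moment. The session record layout, the account labels and every row except acct-B's times and IP are constructed, and the 30-second clock-skew allowance is an assumption.

```python
import re
from datetime import datetime, timedelta, timezone
from email.utils import parsedate_to_datetime

# Received header stamped by mail.ao.net, copied from the abuse report above
# (recipient address replaced with a placeholder).
RECEIVED = (
    "from mail.ao.net (port05.max1.ao.net [205.244.242.105]) "
    "by mail.ao.net (8.12.0.Beta19/8.12.0.Beta19/Debian 8.12.0.Beta19) "
    "with SMTP id g1BIeiIA011393 for <redacted@example.invalid>; "
    "Mon, 11 Feb 2002 13:40:58 -0500"
)

# Assumption: the access servers log in local time, GMT -0500.
LOCAL = timezone(timedelta(hours=-5))

# Constructed session records (account, ip, start, stop). Only acct-B's times
# and IP come from the page; labels, layout and other rows are invented.
SESSIONS = [
    ("acct-A", "205.244.242.105", "2002-02-11 08:02:10", "2002-02-11 09:15:44"),
    ("acct-B", "205.244.242.105", "2002-02-11 12:24:33", "2002-02-11 16:34:19"),
    ("acct-C", "205.244.242.105", "2002-02-11 17:01:05", "2002-02-11 17:40:00"),
    ("acct-D", "205.244.242.106", "2002-02-11 13:00:00", "2002-02-11 14:00:00"),
]


def parse_received(header):
    """Return (client_ip, utc_time) from one Received header value."""
    ip = re.search(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]", header)
    if ip is None or ";" not in header:
        raise ValueError("header lacks a bracketed client IP or a date stamp")
    stamp = parsedate_to_datetime(header.rsplit(";", 1)[1].strip())
    if stamp.tzinfo is None:
        # Without an offset the stamp cannot be compared across servers.
        raise ValueError("date stamp carries no UTC offset")
    return ip.group(1), stamp.astimezone(timezone.utc)


def local_to_utc(text):
    """Convert a session-log timestamp (local time) to an aware UTC datetime."""
    naive = datetime.strptime(text, "%Y-%m-%d %H:%M:%S")
    return naive.replace(tzinfo=LOCAL).astimezone(timezone.utc)


def find_accounts(header, sessions, skew=timedelta(seconds=30)):
    """List accounts that held the header's IP when the message arrived.

    skew widens each session to tolerate clock drift between the mail
    server and the access servers.
    """
    ip, when = parse_received(header)
    return [
        account
        for account, sess_ip, start, stop in sessions
        if sess_ip == ip
        and local_to_utc(start) - skew <= when <= local_to_utc(stop) + skew
    ]


if __name__ == "__main__":
    print(parse_received(RECEIVED))
    print(find_accounts(RECEIVED, SESSIONS))
```

Because a dynamic IP is reused by other callers the same day, the address alone matches three sessions here; only the UTC-normalized timestamp narrows it to one.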

Here is an example of one of the 46,117 lines of log file. This one shows
that the spam was originating from a different IP than above.

We checked through the dial-up logs, and sure enough, it's the same
account connected. It looks like in trying to send out all of this
data, he flooded himself off of his dial-up connection somewhere in
the middle because the time he disconnected was very close to the time
that the mail server received the last connection from his IP. In the
minute that he was connected, he managed to send out 60 e-mails.

His activity generated 10,053,339 bytes of mail server log file alone.
He had a recipient list of 11,681 individual, unique e-mail addresses.
A search through the log reveals that his activity generated 11,997
individual messages to be sent, which means that some recipients probably
received the spam more than once. Of the 11,997 e-mails that went out,
8,767 were actually delivered to their destination. This all means that
potentially, we could receive that many abuse reports and our
mail server could be put on blacklists, preventing our customers from
sending legitimate e-mail. This is why we call it "abuse" and have
zero tolerance for it.